dependabot-conda 0.325.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 3f7c158f585649b7dd0c70aad680932fb5925fe91a19bb969edef4060a581104
+  data.tar.gz: a20edf95149380ede0798e4054504f4a829c9ce614c4ee363b2baeea71590fcb
+SHA512:
+  metadata.gz: 2da367713845fd1065fdf607fb1835a3f59d1a980b4fa389fa92e79b0fba45bb7b614aabcb127c572c658bf8c1c822c8be64f546f6ef1b155cf5f94b906b5f4a
+  data.tar.gz: 32128d133c34b2ee87579c602f6d012c88f299ef45618e93042b9342460900161802c2cf393095cf8eef904394d8e3fb29cac24c044ea57fcd29208bbb7cfd11

data/lib/dependabot/conda/file_fetcher.rb

@@ -0,0 +1,153 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/file_fetchers"
+require "dependabot/file_fetchers/base"
+require "dependabot/conda/python_package_classifier"
+
+module Dependabot
+  module Conda
+    class FileFetcher < Dependabot::FileFetchers::Base
+      extend T::Sig
+
+      ENVIRONMENT_FILE_NAMES = T.let(%w(
+        environment.yml
+        environment.yaml
+      ).freeze, T::Array[String])
+
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
+      def self.required_files_in?(filenames)
+        filenames.any? { |filename| ENVIRONMENT_FILE_NAMES.include?(filename) }
+      end
+
+      sig { override.returns(String) }
+      def self.required_files_message
+        "Repo must contain an environment.yml or environment.yaml file."
+      end
+
+      sig { override.returns(T::Array[DependencyFile]) }
+      def fetch_files
+        unless allow_beta_ecosystems?
+          raise Dependabot::DependencyFileNotFound.new(
+            nil,
+            "Conda support is currently in beta. Set ALLOW_BETA_ECOSYSTEMS=true to enable it."
+          )
+        end
+
+        fetched_files = []
+
+        ENVIRONMENT_FILE_NAMES.each do |filename|
+          environment_file = fetch_file_if_present(filename)
+          fetched_files << environment_file if environment_file
+        end
+
+        # If no environment files found, return empty (will cause appropriate error)
+        return fetched_files if fetched_files.empty?
+
+        # Validate that at least one environment file contains manageable Python packages
+        fetched_files.each do |file|
+          return fetched_files if environment_contains_manageable_packages?(file)
+        end
+
+        raise Dependabot::DependencyFileNotFound, unsupported_environment_message
+      end
+
+      private
+
+      # Check if an environment file contains Python packages we can manage
+      sig { params(file: DependencyFile).returns(T::Boolean) }
+      def environment_contains_manageable_packages?(file)
+        content = file.content
+        return false unless content
+
+        parsed_yaml = begin
+          parse_yaml_content(content)
+        rescue Psych::SyntaxError => e
+          Dependabot.logger.error("YAML parsing error: #{e.message}")
+          nil
+        end
+        return false unless parsed_yaml
+
+        manageable_conda_packages?(parsed_yaml) || manageable_pip_packages?(parsed_yaml)
+      end
+
+      # Parse YAML content and return parsed hash or nil
+      sig { params(content: String).returns(T.nilable(T::Hash[T.untyped, T.untyped])) }
+      def parse_yaml_content(content)
+        require "yaml"
+        parsed = YAML.safe_load(content)
+        parsed.is_a?(Hash) ? parsed : nil
+      end
+
+      # Check if the parsed YAML contains manageable conda packages
+      sig { params(parsed_yaml: T::Hash[T.untyped, T.untyped]).returns(T::Boolean) }
+      def manageable_conda_packages?(parsed_yaml)
+        dependencies = parsed_yaml["dependencies"]
+        return false unless dependencies.is_a?(Array)
+
+        simplified_packages = dependencies.select do |dep|
+          dep.is_a?(String) && !fully_qualified_spec?(dep) &&
+            PythonPackageClassifier.python_package?(PythonPackageClassifier.extract_package_name(dep))
+        end
+        simplified_packages.any?
+      end
+
+      # Check if the parsed YAML contains manageable pip packages
+      sig { params(parsed_yaml: T::Hash[T.untyped, T.untyped]).returns(T::Boolean) }
+      def manageable_pip_packages?(parsed_yaml)
+        dependencies = parsed_yaml["dependencies"]
+        return false unless dependencies.is_a?(Array)
+
+        pip_deps = dependencies.find { |dep| dep.is_a?(Hash) && dep.key?("pip") }
+        return false unless pip_deps && pip_deps["pip"].is_a?(Array)
+
+        python_pip_packages = pip_deps["pip"].select do |pip_dep|
+          pip_dep.is_a?(String) &&
+            PythonPackageClassifier.python_package?(PythonPackageClassifier.extract_package_name(pip_dep))
+        end
+        python_pip_packages.any?
+      end
+
+      # Check if a package specification is fully qualified (build string included)
+      sig { params(spec: String).returns(T::Boolean) }
+      def fully_qualified_spec?(spec)
+        # Fully qualified specs have format: package=version=build_string
+        # e.g., "numpy=1.21.0=py39h20f2e39_0"
+        parts = spec.split("=")
+        return false unless parts.length >= 3
+
+        build_string = parts[2]
+        return false unless build_string
+
+        build_string.match?(/^[a-zA-Z0-9_]+$/)
+      end
+
+      sig { returns(String) }
+      def unsupported_environment_message
+        <<~MSG
+          This Conda environment file is not currently supported by Dependabot.
+
+          Dependabot-Conda supports Python packages only and requires one of the following:
+
+          1. **Simplified conda specifications**: Dependencies using simple version syntax (e.g., numpy=1.21.0)
+          2. **Pip section with Python packages**: A 'pip:' section containing Python packages from PyPI
+
+          **Not supported:**
+          - Fully qualified conda specifications (e.g., numpy=1.21.0=py39h20f2e39_0)
+          - Non-Python packages (R packages, system tools, etc.)
+          - Environments without any Python packages
+
+          To make your environment compatible:
+          - Use simplified conda package specifications for conda packages
+          - Add a pip section for PyPI packages
+          - Focus on Python packages only
+
+          For more information, see the Dependabot-Conda documentation.
+        MSG
+      end
+    end
+  end
+end
+
+Dependabot::FileFetchers.register("conda", Dependabot::Conda::FileFetcher)

data/lib/dependabot/conda/file_parser.rb

@@ -0,0 +1,285 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "yaml"
+require "sorbet-runtime"
+require "dependabot/file_parsers"
+require "dependabot/file_parsers/base"
+require "dependabot/conda/python_package_classifier"
+require "dependabot/conda/requirement"
+require "dependabot/conda/version"
+
+module Dependabot
+  module Conda
+    class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
+      def parse
+        dependencies = T.let([], T::Array[Dependabot::Dependency])
+
+        environment_files.each do |file|
+          dependencies.concat(parse_environment_file(file))
+        end
+
+        dependencies.uniq
+      end
+
+      private
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def environment_files
+        dependency_files.select { |f| f.name.match?(/^environment\.ya?ml$/i) }
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency]) }
+      def parse_environment_file(file)
+        dependencies = T.let([], T::Array[Dependabot::Dependency])
+
+        begin
+          content = file.content || ""
+          parsed_yaml = YAML.safe_load(content)
+          return dependencies unless parsed_yaml.is_a?(Hash)
+
+          # Parse main dependencies (conda packages)
+          if parsed_yaml["dependencies"].is_a?(Array)
+            dependencies.concat(parse_conda_dependencies(parsed_yaml["dependencies"], file))
+          end
+
+          # Parse pip dependencies if present
+          pip_deps = find_pip_dependencies(parsed_yaml["dependencies"])
+          dependencies.concat(parse_pip_dependencies(pip_deps, file)) if pip_deps
+        rescue Psych::SyntaxError, Psych::DisallowedClass => e
+          raise Dependabot::DependencyFileNotParseable, "Invalid YAML in #{file.name}: #{e.message}"
+        end
+
+        dependencies
+      end
+
+      sig do
+        params(dependencies: T::Array[T.untyped],
+               file: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency])
+      end
+      def parse_conda_dependencies(dependencies, file)
+        parsed_dependencies = T.let([], T::Array[Dependabot::Dependency])
+
+        # Check if environment has fully qualified packages (Tier 2)
+        has_fully_qualified = dependencies.any? do |dep|
+          dep.is_a?(String) && fully_qualified_package?(dep)
+        end
+
+        dependencies.each do |dep|
+          next unless dep.is_a?(String)
+          next if dep.is_a?(Hash) # Skip pip section
+
+          # Skip conda dependencies if we have fully qualified packages (Tier 2 support)
+          next if has_fully_qualified
+
+          parsed_dep = parse_conda_dependency_string(dep, file)
+          next unless parsed_dep
+          next unless python_package?(parsed_dep[:name])
+          next if parsed_dep[:name] == "pip" # Skip pip itself as it's infrastructure
+
+          parsed_dependencies << create_dependency(
+            name: parsed_dep[:name],
+            version: parsed_dep[:version],
+            requirements: parsed_dep[:requirements],
+            package_manager: "conda"
+          )
+        end
+
+        parsed_dependencies
+      end
+
+      sig { params(dependencies: T.nilable(T::Array[T.untyped])).returns(T.nilable(T::Array[String])) }
+      def find_pip_dependencies(dependencies)
+        return nil unless dependencies.is_a?(Array)
+
+        pip_section = dependencies.find { |dep| dep.is_a?(Hash) && dep["pip"] }
+        return nil unless pip_section
+
+        pip_deps = pip_section["pip"]
+        pip_deps.is_a?(Array) ? pip_deps : nil
+      end
+
+      sig do
+        params(pip_deps: T::Array[String], file: Dependabot::DependencyFile).returns(T::Array[Dependabot::Dependency])
+      end
+      def parse_pip_dependencies(pip_deps, file)
+        parsed_dependencies = T.let([], T::Array[Dependabot::Dependency])
+
+        pip_deps.each do |dep|
+          next unless dep.is_a?(String)
+
+          parsed_dep = parse_pip_dependency_string(dep, file)
+          next unless parsed_dep
+
+          parsed_dependencies << create_dependency(
+            name: parsed_dep[:name],
+            version: parsed_dep[:version],
+            requirements: parsed_dep[:requirements],
+            package_manager: "conda"
+          )
+        end
+
+        parsed_dependencies
+      end
+
+      sig do
+        params(dep_string: String, file: Dependabot::DependencyFile).returns(T.nilable(T::Hash[Symbol, T.untyped]))
+      end
+      def parse_conda_dependency_string(dep_string, file)
+        return nil if dep_string.nil?
+
+        # Handle channel specifications: conda-forge::numpy=1.21.0
+        normalized_dep_string = normalize_conda_dependency_string(dep_string)
+        return nil if normalized_dep_string.nil?
+
+        # Parse conda-style version specifications
+        # Examples: numpy=1.21.0, scipy>=1.7.0, pandas, python=3.9, python>=3.8,<3.11
+        match = normalized_dep_string.match(/^([a-zA-Z0-9_.-]+)(?:\s*(.+))?$/)
+        return nil unless match
+
+        name = match[1]
+        constraint = match[2]&.strip
+
+        version = extract_conda_version(constraint)
+        requirements = build_conda_requirements(constraint, file)
+
+        {
+          name: name,
+          version: version,
+          requirements: requirements
+        }
+      end
+
+      sig { params(dep_string: String).returns(T.nilable(String)) }
+      def normalize_conda_dependency_string(dep_string)
+        return dep_string unless dep_string.include?("::")
+
+        parts = dep_string.split("::", 2)
+        parts[1]
+      end
+
+      sig { params(constraint: T.nilable(String)).returns(T.nilable(String)) }
+      def extract_conda_version(constraint)
+        return nil unless constraint
+
+        case constraint
+        when /^=([0-9][a-zA-Z0-9._+-]+)$/
+          # Exact conda version: =1.26.0
+          constraint[1..-1] # Remove the = prefix
+        when /^>=([0-9][a-zA-Z0-9._+-]+)$/
+          # Minimum version constraint: >=1.26.0
+          # For security purposes, treat this as the current version
+          constraint[2..-1] # Remove the >= prefix
+        when /^~=([0-9][a-zA-Z0-9._+-]+)$/
+          # Compatible release: ~=1.26.0
+          constraint[2..-1] # Remove the ~= prefix
+        end
+      end
+
+      sig do
+        params(constraint: T.nilable(String),
+               file: Dependabot::DependencyFile).returns(T::Array[T::Hash[Symbol, T.untyped]])
+      end
+      def build_conda_requirements(constraint, file)
+        return [] unless constraint && !constraint.empty?
+
+        [{
+          requirement: constraint,
+          file: file.name,
+          source: nil,
+          groups: ["dependencies"]
+        }]
+      end
+
+      sig do
+        params(dep_string: String, file: Dependabot::DependencyFile).returns(T.nilable(T::Hash[Symbol, T.untyped]))
+      end
+      def parse_pip_dependency_string(dep_string, file)
+        # Handle pip-style specifications: requests==2.25.1, flask>=1.0.0
+        match = dep_string.match(/^([a-zA-Z0-9_.-]+)(?:\s*(==|>=|>|<=|<|!=|~=)\s*([0-9][a-zA-Z0-9._+-]*))?$/)
+        return nil unless match
+
+        name = match[1]
+        operator = match[2]
+        version = match[3]
+
+        # Extract meaningful version information for security update purposes
+        extracted_version = nil
+        if version
+          case operator
+          when "==", "="
+            # Exact version: use as-is
+            extracted_version = version
+          when ">=", "~="
+            # Minimum version constraint: use the specified version as current
+            # This allows security updates to work by treating the constraint as current version
+            extracted_version = version
+          when ">"
+            # Greater than: we can't determine exact version, leave as nil
+            extracted_version = nil
+          when "<=", "<", "!="
+            # Upper bounds or exclusions: not useful for determining current version
+            extracted_version = nil
+          end
+        end
+
+        requirements = if operator && version
+                         [{
+                           requirement: "#{operator}#{version}",
+                           file: file.name,
+                           source: nil,
+                           groups: ["pip"]
+                         }]
+                       else
+                         []
+                       end
+
+        {
+          name: name,
+          version: extracted_version,
+          requirements: requirements
+        }
+      end
+
+      sig do
+        params(
+          name: String,
+          version: T.nilable(String),
+          requirements: T::Array[T::Hash[Symbol, T.untyped]],
+          package_manager: String
+        ).returns(Dependabot::Dependency)
+      end
+      def create_dependency(name:, version:, requirements:, package_manager:)
+        Dependabot::Dependency.new(
+          name: name,
+          version: version,
+          requirements: requirements,
+          package_manager: package_manager
+        )
+      end
+
+      sig { params(package_name: String).returns(T::Boolean) }
+      def python_package?(package_name)
+        PythonPackageClassifier.python_package?(package_name)
+      end
+
+      sig { params(dep_string: String).returns(T::Boolean) }
+      def fully_qualified_package?(dep_string)
+        # Fully qualified packages have build strings after the version
+        # Format: package=version=build_string
+        # Example: python=3.9.7=h60c2a47_0_cpython
+        dep_string.count("=") >= 2
+      end
+
+      sig { override.returns(T::Boolean) }
+      def check_required_files
+        dependency_files.any? { |f| f.name.match?(/^environment\.ya?ml$/i) }
+      end
+    end
+  end
+end
+
+Dependabot::FileParsers.register("conda", Dependabot::Conda::FileParser)

data/lib/dependabot/conda/file_updater.rb

@@ -0,0 +1,225 @@
+# typed: strict
+# frozen_string_literal: true
+
+require "yaml"
+require "sorbet-runtime"
+require "dependabot/file_updaters"
+require "dependabot/file_updaters/base"
+require "dependabot/conda/requirement"
+
+module Dependabot
+  module Conda
+    class FileUpdater < Dependabot::FileUpdaters::Base
+      extend T::Sig
+
+      ENVIRONMENT_REGEX = /^environment\.ya?ml$/i
+
+      # Common version constraint pattern for conda and pip dependencies
+      VERSION_CONSTRAINT_PATTERN = '(\s*[=<>!~]=?\s*[^#\s]\S*(?:\s*,\s*[=<>!~]=?\s*[^#\s]\S*)*)?'
+
+      # Regex patterns for dependency matching
+      CONDA_CHANNEL_PATTERN = T.let(lambda do |name|
+        /^(\s{2,4}-\s+[a-zA-Z0-9_.-]+::)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
+      end, T.proc.params(arg0: T.untyped).returns(Regexp))
+
+      CONDA_SIMPLE_PATTERN = T.let(lambda do |name|
+        /^(\s{2,4}-\s+)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
+      end, T.proc.params(arg0: T.untyped).returns(Regexp))
+
+      PIP_PATTERN = T.let(lambda do |name|
+        /^(\s{5,}-\s+)(#{Regexp.escape(name)})#{VERSION_CONSTRAINT_PATTERN}(\s*)(#.*)?$/
+      end, T.proc.params(arg0: T.untyped).returns(Regexp))
+
+      sig { override.returns(T::Array[Regexp]) }
+      def self.updated_files_regex
+        [ENVIRONMENT_REGEX]
+      end
+
+      sig { override.returns(T::Array[Dependabot::DependencyFile]) }
+      def updated_dependency_files
+        updated_files = T.let([], T::Array[Dependabot::DependencyFile])
+
+        environment_files.each do |file|
+          updated_file = update_environment_file(file)
+          # Always include a file (even if unchanged) to match expected behavior
+          updated_files << (updated_file || file)
+        end
+
+        updated_files
+      end
+
+      private
+
+      sig { override.void }
+      def check_required_files
+        filenames = dependency_files.map(&:name)
+        raise "No environment.yml file found!" unless filenames.any? { |name| name.match?(/^environment\.ya?ml$/i) }
+        # File found, all good
+      end
+
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def environment_files
+        dependency_files.select { |f| f.name.match?(/^environment\.ya?ml$/i) }
+      end
+
+      sig { params(file: Dependabot::DependencyFile).returns(T.nilable(Dependabot::DependencyFile)) }
+      def update_environment_file(file)
+        content = file.content || ""
+        updated_content = T.let(content.dup, String)
+
+        return nil unless valid_yaml_content?(content, file.name)
+
+        content_updated = update_dependencies_in_content(updated_content, file.name)
+        return nil unless content_updated
+
+        file.dup.tap { |f| f.content = updated_content }
+      end
+
+      sig { params(content: String, filename: String).returns(T.any(T::Boolean, T.noreturn)) }
+      def valid_yaml_content?(content, filename)
+        parsed_yaml = YAML.safe_load(content)
+        return false unless parsed_yaml.is_a?(Hash) && parsed_yaml["dependencies"].is_a?(Array)
+
+        true
+      rescue Psych::SyntaxError, Psych::DisallowedClass => e
+        raise Dependabot::DependencyFileNotParseable, "Invalid YAML in #{filename}: #{e.message}"
+      end
+
+      sig { params(content: String, filename: String).returns(T::Boolean) }
+      def update_dependencies_in_content(content, filename)
+        content_updated = T.let(false, T::Boolean)
+
+        dependencies.each do |dependency|
+          dependency_updated = update_dependency_in_content(content, dependency)
+          if dependency_updated[:updated]
+            content.replace(T.cast(dependency_updated[:content], String))
+            content_updated = true
+          elsif dependency_updated[:not_found]
+            handle_dependency_not_found(dependency, filename)
+          end
+        end
+
+        content_updated
+      end
+
+      sig { params(dependency: Dependabot::Dependency, filename: String).void }
+      def handle_dependency_not_found(dependency, filename)
+        return unless dependencies.length == 1
+
+        raise Dependabot::DependencyFileNotFound,
+              "Unable to find dependency #{dependency.name} in #{filename}"
+      end
+
+      sig do
+        params(
+          content: String,
+          dependency: Dependabot::Dependency
+        ).returns(T::Hash[Symbol, T.untyped])
+      end
+      def update_dependency_in_content(content, dependency)
+        return { updated: false, content: content, not_found: false } unless dependency.version
+
+        # Try to update in main conda dependencies section
+        conda_result = update_conda_dependency_in_content(content, dependency)
+        return conda_result if conda_result[:updated] || conda_result[:not_found]
+
+        # Try to update in pip dependencies section
+        pip_result = update_pip_dependency_in_content(content, dependency)
+        return pip_result if pip_result[:updated]
+
+        # Dependency not found in either section
+        { updated: false, content: content, not_found: true }
+      end
+
+      sig do
+        params(
+          content: String,
+          dependency: Dependabot::Dependency
+        ).returns(T::Hash[Symbol, T.untyped])
+      end
+      def update_conda_dependency_in_content(content, dependency)
+        # Pattern to match conda dependency lines (with optional channel prefix)
+        # Matches: "  - numpy=1.26", "  - conda-forge::numpy>=1.21.0", "  - numpy >= 1.21.0  # comment", etc.
+        # Enhanced to handle flexible indentation, space around operators, and comment preservation
+        # But restrict to main dependencies section (not deeply nested like pip section)
+        conda_patterns = [
+          # With channel prefix - main dependencies section (2-4 spaces to avoid pip section)
+          CONDA_CHANNEL_PATTERN.call(dependency.name),
+          # Without channel prefix - main dependencies section (2-4 spaces to avoid pip section)
+          CONDA_SIMPLE_PATTERN.call(dependency.name)
+        ]
+
+        conda_patterns.each do |pattern|
+          next unless content.match?(pattern)
+
+          updated_content = content.gsub(pattern) do
+            prefix = ::Regexp.last_match(1)
+            name = ::Regexp.last_match(2)
+            whitespace_before_comment = ::Regexp.last_match(4) || ""
+            comment = ::Regexp.last_match(5) || ""
+            # Use the requirement from the dependency object, or default to =version
+            new_requirement = get_requirement_for_dependency(dependency, "conda")
+            "#{prefix}#{name}#{new_requirement}#{whitespace_before_comment}#{comment}"
+          end
+          return { updated: true, content: updated_content, not_found: false }
+        end
+
+        { updated: false, content: content, not_found: false }
+      end
+
+      sig do
+        params(
+          content: String,
+          dependency: Dependabot::Dependency
+        ).returns(T::Hash[Symbol, T.untyped])
+      end
+      def update_pip_dependency_in_content(content, dependency)
+        # Pattern to match pip dependency lines in pip section
+        # Enhanced to handle flexible indentation for pip section (5+ spaces to distinguish from main deps),
+        # better operator support, and multiple constraints like "requests>=2.25.0,<3.0"
+        # Capture whitespace between requirement and comment to preserve formatting
+        pip_pattern = PIP_PATTERN.call(dependency.name)
+
+        if content.match?(pip_pattern)
+          updated_content = content.gsub(pip_pattern) do
+            prefix = ::Regexp.last_match(1)
+            name = ::Regexp.last_match(2)
+            whitespace_before_comment = ::Regexp.last_match(4) || ""
+            comment = ::Regexp.last_match(5) || ""
+            # Use the requirement from the dependency object, or default to ==version
+            new_requirement = get_requirement_for_dependency(dependency, "pip")
+            "#{prefix}#{name}#{new_requirement}#{whitespace_before_comment}#{comment}"
+          end
+          return { updated: true, content: updated_content, not_found: false }
+        end
+
+        { updated: false, content: content, not_found: false }
+      end
+
+      sig do
+        params(
+          dependency: Dependabot::Dependency,
+          context: String
+        ).returns(String)
+      end
+      def get_requirement_for_dependency(dependency, context)
+        # Look for a requirement in the dependency's requirements array
+        requirements = dependency.requirements
+        requirement = nil
+
+        requirement = requirements.first&.dig(:requirement) unless requirements.empty?
+
+        return requirement if requirement && !requirement.empty?
+
+        # Fallback to default format based on context
+        if context == "pip"
+          "==#{dependency.version}"
+        else
+          "=#{dependency.version}"
+        end
+      end
+    end
+  end
+end
+
+Dependabot::FileUpdaters.register("conda", Dependabot::Conda::FileUpdater)